Don’t be conned by a cold caller deploying “Windows Event Viewer”

Folks are being cold-called by individuals claiming to be Microsoft employees. The conversation often flows like this:

open Event Viewer, oh look, you have lots of red and yellow alerts, you have a malware attack, but don’t worry, for a fee we can sort it out

It’s a con … don’t play, just hang up. Many are not taken in by this and know enough to understand what Event Viewer actually tells you, but what about all those elderly parents, or aunts and uncles out there who do not have the skills to smell a rat because they are not IT professionals?

One variation: folks who are having trouble often, at some point, post details into an online form where they describe symptoms and also ask for help. The fraudsters tap into this and harvest those details, so when they call, they have your name and your contact details and appear a bit more credible. Even such details are not necessary, though. Call ten numbers at random, say you’re calling on behalf of Microsoft (and sound like you know what you’re talking about), and I bet at least one or two will take you up on the offer. Sadly, that is why this scam is popular.

Now let’s make this 100% clear …

If you don’t have a support issue open with Microsoft, they will NEVER ever call you

OK, let’s drill into Windows Event Viewer a bit so that you can understand how this scam works.

Event Viewer has been buried inside the operating system for some time now, but don’t fret if you have no idea what it does, because most folks tend not to know much about it or how to use it – with good reason: it’s not for you. In essence, as programs run on your PC (or laptop), they write messages into log files, so “Event Viewer” is just an application that looks across these and gives you a unified view.

Every program that starts on your PC posts a notification in an event log, and every well-behaved program also posts a notification when it stops. Every system access, security change, operating-system twitch, hardware failure, driver hiccup, and more ends up in an event log. As Event Viewer scans those logs, it aggregates them, and puts a pretty interface on an otherwise voluminous — and often deathly dull — set of machine-generated data.

In theory, event logs track significant events on your PC, but in practice “significant” is a relative term: an event might indeed be truly significant to the guy who wrote the app yet, from your viewpoint, be nothing to worry about.

Oh look, lots of scary looking alerts, I guess I have a virus … right?

Wrong. Even the best-kept system boasts hundreds, if not thousands, of lines of scary-looking error messages. That’s normal, and does not indicate anything is amiss. This is why “Event Viewer” is hard to find; it’s for the techies, not you. This lack of understanding is why it is so easy to use it to frighten folks into paying up for supposed “warranty extensions” or, even worse, into letting the caller run “diagnostic” software on their PC via remote access.

Event Viewer is not for you and me to use; it’s just for techies to diagnose what is happening, so you can safely ignore everything in it. If you experience problems, don’t accept cold calls; instead, get knowledgeable friends to assist.

If by some chance you have been scammed and let some cold-caller run some stuff on your PC …

STOP NOW. Do not access or log into anything; get a complete scan of your PC done to look for viruses and hidden keyloggers.

You can find help at Microsoft Security Essentials and Malwarebytes.